From feb10f47b7c4f76a646784455a32866dbb82d210 Mon Sep 17 00:00:00 2001 From: Rainer Gerhards Date: Tue, 27 Sep 2005 14:52:22 +0000 Subject: updated sample config; better error reporting on allowedSenders --- sample.conf | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 55 insertions(+), 3 deletions(-) (limited to 'sample.conf') diff --git a/sample.conf b/sample.conf index c6353bec..99f9f0e3 100644 --- a/sample.conf +++ b/sample.conf @@ -1,5 +1,20 @@ # This is a sample configuation file for rsyslogd. See the -# man pages for details. Please note that rsyslogd by default +# doc/manual.html for details. If you can not find the +# manual set, please visit +# +# http://www.rsyslog.com/doc/ +# +# to obtain it online. +# +# WARNING: We do NOT keep the comments in this file always +# up to date. Be sure to consult the doc set that +# came with your package, especially the file on +# rsyslog.conf - it probably has some better information +# than is provided here in comments. The main purpose +# of sample.conf is to show you some actual directives, +# not to be the authorative doc source. +# +# Please note that rsyslogd by default # reads /etc/rsyslogd.conf (and NOT /etc/syslogd.conf!). # # A commented sample configuration. More a man page than a real @@ -7,7 +22,12 @@ # # We try to keep things as consistent with existing syslog implementation # as possible. We use "$" to start lines that contain new directives. -# Set syslogd options + +# We limit who can send us messages: +$AllowedSender UDP, 192.0.2.0/24, 10.0.0.1 # all machines in 192.0.2 as well as 10.0.0.1 +$AllowedSender TCP, 10.0.0.1 # for TCP, we allow only 10.0.0.1 +# remove the AllowedSender directives if you do not want to limit +# who can send rsyslogd messages (not recommended) # Templates are a key feature of rsyslog. They allow to specify any # format a user might want. Every output in rsyslog uses templates - this @@ -97,6 +117,10 @@ # was provided in the message (in most cases, only seconds) # TIMESTAMP alias for timereported # +# Other properties might be available at the time you read this. Be sure +# to consult the property replacer documentation in the doc set for all +# properties. +# # FromChar and toChar are used to build substrings. They specify the # offset within the string that should be copied. Offset counting # starts at 1, so if you need to obtain the first 2 characters of the @@ -206,6 +230,34 @@ $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priori # Of course, you can also specify a template with TCP: *.* @@172.19.2.16:1514;RFC3164Fmt +# We also support property-based filters, which allow for nice +# things. Let's for example assume that you receive a lot of +# nonsense messages with "ID-4711" in the message text. You know +# that you will never need these messages. So you simply discard them +:msg, contains, "ID-4711" ~ + +# or you would like to store messages from a specific host to +# a different file: +:FROMHOST, isequal,"myhost.example.com" /var/log/myhost.log + +# everyting that does not contain "error" should also be +# discarded +:msg, !contains, "error" ~ +# and the rest go to a seperate file +*.* /var/log/error +# (keep in mind that the two directives shown immediately +# above must be kept in that order to actually work) + +# you can also execute a script. Let's assume, for example, you need +# to execute "turn-diesel-generator-on" when "power failed" is contained +# in a message... ;) +:msg, contains, "power failed" ^turn-diesel-generator-on +# (The script is passed the syslog message as first and only paramter. +# Other parameters can currently not be specified.) + +# Note that boolean operations (other than not [!]) are not +# currently supported. As such, you can not filter out different +# facilities from different machines - hopefully later ;) # # A final world. rsyslog is considered a part of Adiscon's MonitorWare product line. @@ -217,5 +269,5 @@ $template dbFormat,"insert into SystemEvents (Message, Facility,FromHost, Priori # as a web-based front-end to a syslog message database. # # I hope this work is useful. -# 2005-07-20 Rainer Gerhards +# 2005-09-27 Rainer Gerhards # -- cgit